Georgia medical group pays $1.5M to settle HIPAA noncompliance allegations: 4 details

The Office for Civil Rights agreed to settle allegations of systemic HIPAA noncompliance with a Georgia-based orthopedic practice stemming from a 2016 incident, according to a Sept. 21 announcement.

Four details:

1. Athens (Ga.) Orthopedic learned its database of patient records was posted online for sale on June 26, 2016; two days later, the hacker contacted the orthopedic group asking for payment in exchange for the copy of its stolen database.

2. The hackers accessed the practice's EHR through a vendor's credentials and continued to access protected health information through July 16. Athens Orthopedic eventually reported to the OCR that 208,557 individuals were affected by the breach.

3. An OCR investigation revealed longstanding, systemic noncompliance, according to an agency report.

4. Athens Orthopedic agreed to pay $1.5 million to settle noncompliance allegations and adopt a corrective action plan.
